The new iPhone with the fingerprint security system was just made available on Friday and by Saturday the Chaos Computer Club had already figured out how to break into it without the right finger.

The flaw, according to the group, is that the face of the phone is already covered with the user’s fingerprints.

First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet.

After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

“It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token”, said Frank Rieger, spokesperson of the CCC.

About the blogger

Bob Collins has been with Minnesota Public Radio since 1992, emigrating to Minnesota from Massachusetts. He was senior editor of news in the ’90s, ran MPR’s political unit, created the MPR News regional website, invented the popular Select A Candidate, started several blogs, and every day laments that his Minnesota Fantasy Legislature project never caught on.

NewsCut is a blog featuring observations about the news. It provides a forum for an online discussion and debate about events that might not typically make the front page. NewsCut posts are not news stories.

LOL. Not really. Just putting some additional information out there so people don’t unnecessarily have a freak out.

Also, if you really don’t trust that fingerprint scanner, disable it.

aSecurityPro

As many have said, the fingerprint reader is NOT for the uber-security-conscious. But it does move the needle for the 60% of people who don’t even have a simple 4-digit passcode on the device that holds huge volumes of sensitive personal information. If even 10% more people take a small step to protect their valuable data, the fingerprint-reader is a success.

BTW, I had an iPaq PDA back in 2002 with a fingerprint reader. Spoofing the things is really not new news.